Here’s why phishing works.
Really. It’s that simple. If you have many domain names, and no easy way for users to identify which ones are legit, you are making life easy for phishers.
Every time you tell a customer to interact with a domain other than your primary domain, you are training them to fall for phish attacks. Period.